1. Field of the Invention
The present invention relates to the field of computer security. More specifically, the present invention relates to a method and an apparatus for managing public keys by using a server that stores associations between public keys and email addresses.
2. Related Art
The advent of computer networks has led to an explosion in the development of applications that facilitate rapid dissemination of information. In particular, electronic mail (email) is becoming the predominant method for communicating textual and other non-voice information. Using email, it is just as easy to send a message to a recipient on another continent as it is to send a message to a recipient within the same building. Furthermore, an email message typically takes only minutes to arrive, instead of the days it takes for conventional mail to snake its way along roads and through airports.
One problem with email is that it is hard to ensure that sensitive information sent through email is kept confidential. This is because an email message can potentially traverse many different computer networks and many different computer systems before it arrives at its ultimate destination. An adversary can potentially intercept an email message at any of these intermediate points along the way.
One way to remedy this problem is to “encrypt” sensitive data using an encryption key so that only someone who possesses the corresponding decryption key can decrypt the message. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key, whereas in a public-key mechanism the encryption key can be published freely and only the decryption key must be kept private.) A person sending sensitive data through email encrypts the sensitive data using the encryption key before it is sent. At the other end, the recipient of the email uses the corresponding decryption key to decrypt the sensitive information.
Managing encryption keys for the millions of users who can potentially send encrypted email messages is a challenging task. Some existing key management systems operate by enrolling users' public keys with an “identity authority.” An identity authority typically operates by verifying the identities of the owners of public keys and by keeping track of revoked public keys.
However, existing systems have a number of shortcomings. The verification process is often cumbersome. It typically involves some type of manual check, such as making a telephone call, taking a fingerprint, or receiving personal information from an owner of a public key. Although such manual checks provide a measure of security, they are time-consuming and can be impractical to perform for a large number of users.
Another shortcoming is that the key revocation process does not work well. Some existing systems make use of a “certificate revocation list” (CRL), which contains a listing of revoked certificates. Before using a public key, a client typically checks a locally stored copy of a CRL to verify that the public key has not been revoked. However, a locally stored copy of a CRL may be updated only occasionally (for example, once a week), which means the locally stored copy of the CRL may not be current. This can create problems. For example, an employee who leaves a company may continue to receive sensitive encrypted email messages until the locally stored copy of the CRL is updated.
Furthermore, a CRL can grow very large over time as more and more certificates are revoked. In some cases, a CRL can contain millions of entries. Hence, a locally stored copy of a CRL can require a large amount of space to store, and can be cumbersome to update.
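The following is an added illustration of the stale-CRL window described above; it is not code from the application or from any prior-art system it cites. It models a CRL by the three fields the argument turns on (the time the issuer produced the list, the time by which the issuer promises a newer list, and the set of revoked serial numbers), and walks through the departing-employee scenario: a client that only consults its cached copy keeps accepting the revoked key until the cache is refreshed. The issuer name, serial number, dates and the one-week publication interval are constructed for the example; the structures are a simplified stand-in for X.509 thisUpdate/nextUpdate/revokedCertificates, not a parser for real DER-encoded CRLs.

```python
"""Stale-CRL window demonstration (constructed example, not from the application)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional


@dataclass(frozen=True)
class Crl:
    issuer: str
    this_update: datetime  # when the issuer produced this list
    next_update: datetime  # issuer's promise of when a newer list will exist
    revoked_serials: frozenset = field(default_factory=frozenset)


class StaleCrlError(Exception):
    """Raised when a cached CRL must not be relied on any more."""


def is_revoked(crl: Crl, serial: int, now: datetime,
               max_age: Optional[timedelta] = None) -> bool:
    """Return True if `serial` is on `crl`, False if it is not.

    Refuses to answer (raises StaleCrlError) when the list is past its
    nextUpdate, or older than a stricter local `max_age` policy. A client
    that silently answers from a stale list is the failure mode in the text.
    """
    if now >= crl.next_update:
        raise StaleCrlError("CRL past nextUpdate; refresh before trusting it")
    if max_age is not None and now - crl.this_update > max_age:
        raise StaleCrlError("CRL older than local freshness policy")
    return serial in crl.revoked_serials


def revoke(crl: Crl, serial: int, now: datetime, validity: timedelta) -> Crl:
    """Issuer side: publish a new list that adds `serial` (the old entries stay)."""
    return Crl(crl.issuer, now, now + validity, crl.revoked_serials | {serial})


def stale_window_demo() -> Dict[str, bool]:
    """Departing-employee scenario; returns the decisions a client would make."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed date
    week = timedelta(days=7)                         # constructed publication interval
    employee_serial = 0x1234                         # constructed serial number

    # Monday: issuer publishes the weekly CRL; the client caches it.
    published = Crl("Example CA", t0, t0 + week)
    cached = published

    # Tuesday: the employee leaves. The issuer publishes a fresh CRL that
    # lists the key, but the client's cached copy is not refreshed.
    t_leave = t0 + timedelta(days=1)
    published = revoke(published, employee_serial, t_leave, week)

    # Wednesday: a sender consults the cached list. It is still "valid" by
    # its own nextUpdate, so the revoked key is accepted (the problem).
    t_send = t0 + timedelta(days=2)
    cached_says = is_revoked(cached, employee_serial, t_send)
    fresh_says = is_revoked(published, employee_serial, t_send)

    # Mitigation a client can apply locally: a freshness policy tighter than
    # the issuer's interval turns the silent wrong answer into a refusal.
    try:
        is_revoked(cached, employee_serial, t_send, max_age=timedelta(days=1))
        policy_rejected = False
    except StaleCrlError:
        policy_rejected = True

    # The following Tuesday: the cached copy is past nextUpdate, and even a
    # client with no extra policy must refuse to use it.
    t_late = t0 + timedelta(days=8)
    try:
        is_revoked(cached, employee_serial, t_late)
        stale_rejected = False
    except StaleCrlError:
        stale_rejected = True

    return {
        "cached_says_revoked": cached_says,     # False: the window the text describes
        "fresh_says_revoked": fresh_says,       # True
        "policy_rejected_stale": policy_rejected,  # True
        "expired_cache_rejected": stale_rejected,  # True
    }


if __name__ == "__main__":
    for name, value in stale_window_demo().items():
        print(f"{name}: {value}")
```

The `max_age` parameter shows the only lever a relying party has with a cached CRL: it can shorten the window by refusing older lists, but only at the cost of more frequent downloads of a list that, as the text notes, can run to millions of entries.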
What is needed is a method and apparatus for managing encryption keys that does not require a time-consuming manual check during the verification process, and that does not suffer from the shortcomings of using a CRL to keep track of revoked keys.